Update Copy-NetIPsecRule.md

Updating the details in -KeyModule parameter to reflect changes in the code for how this value is set.

Author: brandyking

docset/winserver2022-ps/netsecurity/Copy-NetIPsecRule.md

@@ -706,11 +706,11 @@ Specifies that matching IPsec rules of the indicated key module are copied.
 This parameter specifies which keying modules to negotiate. 
 The acceptable values for this parameter are: Default, AuthIP, IKEv1, or IKEv2. 
 
-- Default: Equivalent to both IKEv1 and AuthIP.
-Required in order for the rule to be applied to computers running Windows versions prior to nextref_server_7. 
+- Default: KeyModule is set based on the authentication method. As of Win11 24H2 and Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Server 2008.
 - AuthIP: Supported with phase 2 authentication. 
-- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. 
-- IKEv2: Not supported with Kerberos, PSK, or NTLM. 
+- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. Supported with phase 1 authentication only.
+- IKEv2: Not supported with Kerberos, PSK, or NTLM. Supported with phase 1 authentication only.
+
 The default value is Default. 
 There are authentication and cryptographic methods that are only compatible with certain keying modules.
 This is a very advanced setting intended only for specific interoperability scenarios.
@@ -725,7 +725,7 @@ Accepted values: Default, IKEv1, AuthIP, IKEv2
 
 Required: False
 Position: Named
-Default value: None
+Default value: Default
 Accept pipeline input: False
 Accept wildcard characters: False
 ```